Using text commands – Westermo MR Series User Manual


6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

NAT traversal enabled:

When set to “On”, this parameter enables support for NAT traversal within IKEv2/IPSec. When
one end of an IPSec tunnel is behind a NAT box, some form of NAT traversal may be required
before the IPSec tunnel can pass packets. Turning NAT traversal on enables the IKE protocol to
discover whether or not one or both ends of a tunnel is behind a NAT box, and implements a
standard NAT traversal protocol if NAT is being performed. The version of NAT traversal
supported is described in the IETF draft “draft-ietf-ipsec-nat-t-ike-03.txt”.

NAT traversal keep-alive interval (s):

This parameter may be used to set a timer (in seconds), such that the unit will send regular
packets to a NAT device in order to prevent the NAT table from expiring.

RSA private key file:

This parameter specifies the name of a file for the X.509 certificate holding the unit’s private
part of the public/private key pair used in certificate exchanges. See “X.509 Certificates” in the
“IPSec and VPNs” section for further explanation.

Using Text Commands

From the command line, use the ike2 command to configure or display IKE2 initiator settings. To
display current settings for an IKE2 instance enter the command:

ike2 <instance> ?

where <instance> is 0 or 1.

To change the value of a parameter use the command in the format:

ike2 <instance> <parameter> <value>

The parameters and values are:

Parameter     Values            Equivalent Web Parameter
iauthalg      md5, sha1         Authentication algorithm
idhgroup      1,2,5,!           MODP group
iencalg       des, 3des, aes    Encryption algorithm
ienkeybits    128, 192, 256     Encryption key length (AES only)
inactto       0-255             Inactivity timeout
Iprfalg       md5, sha1         PRF algorithm
ltime         1-28800           Duration
natkaint      number            NAT traversal keep-alive interval
natt          off, on           NAT traversal enabled
openswan      off, on           None. Enable Openswan support.
privrsakey    filename          RSA private key file
rekeyltime    number            Re-key time (s)
retran        0-9               Maximum re-transmits
retranint     0-255             Re-transmit interval

Note:
Using ! for a parameter in a text command means blank.

For example, to turn NAT traversal on you would enter:

ike2 0 natt on
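
The parameter table above can also drive an offline review of a saved command list. The following Python is an added example, not Westermo code: it checks `ike2` lines against the values listed on this page and flags DES, MD5 and MODP groups 1 and 2 as weak. That weak-setting list, the function name `audit`, the case-insensitive matching of parameter names (the table prints "Iprfalg") and the sample configuration are assumptions made for the example.

```python
# Allowed values, transcribed from the parameter table on this page.
ENUMS = {
    "iauthalg": {"md5", "sha1"}, "iprfalg": {"md5", "sha1"},
    "idhgroup": {"1", "2", "5", "!"}, "iencalg": {"des", "3des", "aes"},
    "ienkeybits": {"128", "192", "256"},
    "natt": {"off", "on"}, "openswan": {"off", "on"},
}
RANGES = {"inactto": (0, 255), "ltime": (1, 28800),
          "retran": (0, 9), "retranint": (0, 255)}
FREE = {"natkaint", "privrsakey", "rekeyltime"}  # "number" / "filename" in the table
# Assumption added for this example, not stated in the manual: weak choices.
WEAK = {("iencalg", "des"), ("iauthalg", "md5"), ("iprfalg", "md5"),
        ("idhgroup", "1"), ("idhgroup", "2")}

def audit(config_text):
    # Returns (line_number, kind, message) for every ike2 line failing a check.
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0] != "ike2":
            continue  # not an ike2 command
        if len(tok) != 4:
            findings.append((n, "syntax", "expected: ike2 <instance> <parameter> <value>"))
            continue
        inst, param, value = tok[1], tok[2].lower(), tok[3].lower()
        if inst not in ("0", "1"):
            findings.append((n, "syntax", f"instance {inst} is not 0 or 1"))
        if param in ENUMS:
            if value not in ENUMS[param]:
                findings.append((n, "value", f"{param}: {value} not in table"))
        elif param in RANGES:
            lo, hi = RANGES[param]
            if not value.isdecimal() or not lo <= int(value) <= hi:
                findings.append((n, "value", f"{param}: {value} outside {lo}-{hi}"))
        elif param not in FREE:
            findings.append((n, "syntax", f"unknown parameter {param}"))
        if (param, value) in WEAK:
            findings.append((n, "weak", f"{param} {value}"))
    return findings

# Constructed sample configuration, not taken from a real unit.
SAMPLE = """\
ike2 0 iencalg des
ike2 0 iauthalg md5
ike2 0 idhgroup 5
ike2 0 retran 12
ike2 2 natt on
"""
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```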
